The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SLES

computer vulnerability note CVE-2015-5154

QEMU: buffer overflow of ATAPI

Synthesis of the vulnerability

An attacker on the guest system can generate a buffer overflow with ATAPI commands of Xen, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 2/4.
Creation date: 27/07/2015.
Identifiers: CERTFR-2015-AVI-319, CERTFR-2015-AVI-320, CTX201593, CVE-2015-5154, DSA-3348-1, FEDORA-2015-12657, FEDORA-2015-12714, FEDORA-2015-13402, FEDORA-2015-13404, openSUSE-SU-2015:1964-1, openSUSE-SU-2015:2003-1, openSUSE-SU-2015:2249-1, RHSA-2015:1507-01, RHSA-2015:1508-01, RHSA-2015:1512-01, SUSE-SU-2015:1299-1, SUSE-SU-2015:1302-1, SUSE-SU-2015:1409-1, SUSE-SU-2015:1421-1, SUSE-SU-2015:1426-1, SUSE-SU-2015:1455-1, SUSE-SU-2015:1472-1, SUSE-SU-2015:1479-1, SUSE-SU-2015:1479-2, SUSE-SU-2015:1643-1, SUSE-SU-2015:1782-1, USN-2692-1, VIGILANCE-VUL-17509, XSA-138.

Description of the vulnerability

QEMU emulates ATAPI commands, used by CDROM/DVD devices.

However, a user of a guest that has an emulated CDROM/DVD device on x86 systems can send more data than expected into an internal storage array, and an overflow occurs in the QEMU process of the host system.

An attacker on the guest system can therefore generate a buffer overflow with ATAPI commands of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.

vulnerability bulletin CVE-2015-4598 CVE-2015-4642 CVE-2015-4643

PHP: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, BIG-IP Hardware, TMOS, openSUSE, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 12/06/2015.
Revisions dates: 23/06/2015, 17/07/2015, 21/07/2015.
Identifiers: 68776, 69545, 69646, 69667, 69719, CERTFR-2015-AVI-265, CVE-2015-4598, CVE-2015-4642, CVE-2015-4643, CVE-2015-4644, DSA-3344-1, openSUSE-SU-2015:1197-1, SOL17049, SSA:2015-198-02, SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2015:1265-1, SUSE-SU-2016:1638-1, USN-2658-1, VIGILANCE-VUL-17113, WLB-2015060099.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can bypass escapeshellarg(), in order to inject commands. [severity:2/4; 69646, CVE-2015-4642]

An attacker can use the null character, in order to read or alter files. [severity:2/4; 69719, CVE-2015-4598]

An attacker can generate an integer overflow in ftp_genlist(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69545, CVE-2015-4643]

An attacker can inject additional headers via mail(), in order for example to add recipients. [severity:2/4; 68776]

An attacker can force a NULL pointer to be dereferenced in php_pgsql_meta_data(), in order to trigger a denial of service. [severity:1/4; 69667, CVE-2015-4644]

computer vulnerability CVE-2015-5600

OpenSSH: bypassing MaxAuthTries via KbdInteractiveDevices

Synthesis of the vulnerability

An attacker can bypass the MaxAuthTries directive of OpenSSH, in order to perform a brute force attack.
Impacted products: BIG-IP Hardware, TMOS, Fedora, FreeBSD, Copssh, Juniper J-Series, JUNOS, McAfee NSP, McAfee Web Gateway, Data ONTAP, OpenSSH, Solaris, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 20/07/2015.
Identifiers: 9010048, bulletinoct2015, CERTFR-2015-AVI-431, CVE-2015-5600, FEDORA-2015-11981, FEDORA-2015-13469, FreeBSD-SA-15:16.openssh, JSA10697, NTAP-20151106-0001, RHSA-2015:2088-06, RHSA-2016:0466-01, SB10157, SB10164, SOL17113, SUSE-SU-2015:1581-1, USN-2710-1, USN-2710-2, VIGILANCE-VUL-17455.

Description of the vulnerability

The OpenSSH server uses the MaxAuthTries configuration directive to define the maximum number of authentication attempts during a session.

The OpenSSH client uses the KbdInteractiveDevices option to define the list of authentication methods.

However, if the client uses "KbdInteractiveDevices=pam,pam,pam,etc.", the number of attempts allowed by MaxAuthTries is multiplied. The only remaining limit is thus LoginGraceTime (10 minutes by default).

An attacker can therefore bypass the MaxAuthTries directive of OpenSSH, in order to perform a brute force attack.

vulnerability alert CVE-2015-2590 CVE-2015-2596 CVE-2015-2597

Oracle Java: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Java were announced in July 2015.
Impacted products: DCFM Enterprise, FabricOS, Brocade Network Advisor, Brocade vTM, Debian, Avamar, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, IRAD, SPSS Data Collection, SPSS Modeler, SPSS Statistics, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, Domino, Notes, ePO, SnapManager, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 15/07/2015.
Identifiers: 1963330, 1963331, 1963812, 1964236, 1966040, 1966536, 1967222, 1967498, 1967893, 1968485, 1972455, 206954, 9010041, 9010044, BSA-2016-002, CERTFR-2015-ALE-007, CERTFR-2015-AVI-305, CERTFR-2016-AVI-128, cpujul2015, CVE-2015-2590, CVE-2015-2596, CVE-2015-2597, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760, DSA-3316-1, DSA-3339-1, ESA-2015-134, FEDORA-2015-11859, FEDORA-2015-11860, JSA10727, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1288-1, openSUSE-SU-2015:1289-1, RHSA-2015:1228-01, RHSA-2015:1229-01, RHSA-2015:1230-01, RHSA-2015:1241-01, RHSA-2015:1242-01, RHSA-2015:1243-01, RHSA-2015:1485-01, RHSA-2015:1486-01, RHSA-2015:1488-01, RHSA-2015:1526-01, RHSA-2015:1544-01, SB10139, SOL17079, SOL17169, SOL17170, SOL17171, SOL17173, SUSE-SU-2015:1319-1, SUSE-SU-2015:1320-1, SUSE-SU-2015:1329-1, SUSE-SU-2015:1331-1, SUSE-SU-2015:1345-1, SUSE-SU-2015:1375-1, SUSE-SU-2015:1509-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2192-1, USN-2696-1, USN-2706-1, VIGILANCE-VUL-17371.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-17558). [severity:3/4; CVE-2015-4760]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2628]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4731]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2590]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4732]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4733]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2638]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4736]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4748]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2597]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2664]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2632]

An attacker can use a vulnerability of JCE, in order to obtain information. [severity:2/4; CVE-2015-2601]

An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-18168). [severity:2/4; CVE-2015-2613]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; CVE-2015-2621]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2015-2659]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2619]

An attacker can bypass security features in 2D, in order to obtain sensitive information. [severity:2/4; CVE-2015-2637]

An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-2596]

An attacker can use a vulnerability of JNDI, in order to trigger a denial of service. [severity:2/4; CVE-2015-4749]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2015-4729]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-4000]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-2808]

An attacker can use a vulnerability of Install, in order to obtain information. [severity:1/4; CVE-2015-2627]

An attacker can use a vulnerability of JSSE, in order to obtain information. [severity:1/4; CVE-2015-2625]

computer vulnerability note CVE-2015-3259

Xen: buffer overflow of xl

Synthesis of the vulnerability

An attacker can make xl of Xen use an invalid pointer, in order to trigger a denial of service, and possibly to execute code on the host server.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 07/07/2015.
Identifiers: CVE-2015-3259, DSA-3414-1, FEDORA-2015-11247, FEDORA-2015-11308, openSUSE-SU-2015:2003-1, openSUSE-SU-2015:2249-1, SUSE-SU-2015:1299-1, SUSE-SU-2015:1302-1, SUSE-SU-2015:1421-1, SUSE-SU-2015:1479-1, SUSE-SU-2015:1479-2, VIGILANCE-VUL-17319, XSA-137.

Description of the vulnerability

The Xen administration tool "xl" accepts configuration options on its command line.

These options are assembled into a configuration file by concatenating the arguments and end-of-line characters with the standard function "snprintf". However, the function "main_create" that performs this does not check whether the resulting configuration is longer than the statically allocated target buffer, and it computes the result length without taking the possible truncation into account (snprintf returns the length the complete output would have had, not the length actually written). When the options are too long, the configuration is silently truncated and the pointer to this result becomes invalid.

An attacker can therefore make xl of Xen use an invalid pointer, in order to trigger a denial of service, and possibly to execute code on the host server.
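The unchecked-snprintf pattern described above, shown beside a checked version. This is an added example written for this page, not xl's own main_create code; the 32-byte buffer, the option strings and the demo_* wrapper names are constructed for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Statically sized target buffer, kept small so truncation is easy to hit.
 * Size chosen for this demo, not taken from xl. */
#define CFG_CAP 32

/* Sample command-line options, constructed for this example. */
static const char *const DEMO_OPTS[] = {
    "name=\"demo\"",
    "memory=512",
    "vcpus=2",
    "disk=['file:/tmp/disk.img,xvda,w']",
};

/* snprintf's contract: the return value is the length the complete output
 * would have had, not how much fit. Returns that value; *written receives
 * the length actually stored in buf. */
int snprintf_untruncated_len(const char *opt, char *buf, size_t cap, size_t *written)
{
    int r = snprintf(buf, cap, "%s\n", opt);
    *written = strlen(buf);
    return r;
}

/* Vulnerable pattern: advance the write cursor by snprintf's return value
 * without checking it. Returns the final cursor offset; once it exceeds cap,
 * buf + off is no longer a valid pointer into buf, which is the state the
 * bulletin describes. To keep this demo memory-safe, no write is attempted
 * once the cursor has left the buffer; the original code had no such stop. */
size_t build_config_unchecked(const char *const *opts, size_t n, char *buf, size_t cap)
{
    size_t off = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (off >= cap) {                  /* cursor already outside buf */
            off += strlen(opts[i]) + 1;    /* what the unchecked arithmetic would do */
            continue;
        }
        off += (size_t)snprintf(buf + off, cap - off, "%s\n", opts[i]);
    }
    return off;
}

/* Corrected pattern: compare each return value with the remaining space and
 * fail with ENAMETOOLONG instead of continuing with a truncated configuration.
 * Returns the configuration length on success, -1 on error. */
int build_config_checked(const char *const *opts, size_t n, char *buf, size_t cap)
{
    size_t off = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int r = snprintf(buf + off, cap - off, "%s\n", opts[i]);
        if (r < 0)
            return -1;                     /* output error */
        if ((size_t)r >= cap - off) {      /* would not fit: output was truncated */
            buf[0] = '\0';
            errno = ENAMETOOLONG;
            return -1;
        }
        off += (size_t)r;
    }
    return (int)off;
}

/* Wrappers over the first n demo options, so results can be checked by value. */
size_t demo_unchecked_cursor(size_t n)
{
    char buf[CFG_CAP];
    return build_config_unchecked(DEMO_OPTS, n, buf, CFG_CAP);
}

int demo_checked_result(size_t n)
{
    char buf[CFG_CAP];
    return build_config_checked(DEMO_OPTS, n, buf, CFG_CAP);
}

int demo_untruncated_return(void)
{
    char buf[8];
    size_t written;
    return snprintf_untruncated_len("0123456789", buf, sizeof buf, &written);
}

size_t demo_untruncated_written(void)
{
    char buf[8];
    size_t written;
    snprintf_untruncated_len("0123456789", buf, sizeof buf, &written);
    return written;
}

int main(void)
{
    printf("3 options, unchecked cursor: %zu (cap %d)\n", demo_unchecked_cursor(3), CFG_CAP);
    printf("4 options, unchecked cursor: %zu (cap %d)\n", demo_unchecked_cursor(4), CFG_CAP);
    printf("4 options, checked result:   %d\n", demo_checked_result(4));
    return 0;
}
```

With the first three options the configuration fits exactly (31 bytes plus the terminator) and both builders agree; adding the fourth option makes the unchecked cursor jump to 66, well past the 32-byte buffer, while the checked builder refuses and leaves the buffer empty.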

computer vulnerability bulletin CVE-2015-5400

Squid cache: access control bypass with CONNECT commands

Synthesis of the vulnerability

An attacker can send a CONNECT command to a Squid cache, for instance in order to bypass IP filtering.
Impacted products: Debian, Fedora, openSUSE Leap, Squid, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 07/07/2015.
Identifiers: CVE-2015-5400, DSA-3327-1, FEDORA-2016-7b40eb9e29, openSUSE-SU-2016:2081-1, SQUID-2015:2, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, VIGILANCE-VUL-17318.

Description of the vulnerability

The Squid cache product is notably an HTTP cache. It can be used in a cascade with other proxies.

The HTTP command CONNECT is used to create a direct tunnel between the end client and the end server. In this case, the cache only forwards TCP data without examining it. This is most often used to start TLS tunnels. However, Squid does not check whether the CONNECT command is accepted by the end server or the next cache. When it is rejected, Squid continues to relay TCP data and so makes the server believe that it is communicating with an ordinary client whose IP address is that of the Squid host.

An attacker can therefore send a CONNECT command to a Squid cache, for instance in order to bypass IP filtering.

computer vulnerability alert CVE-2015-0346 CVE-2015-0347 CVE-2015-0348

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Creation date: 14/04/2015.
Revision date: 06/07/2015.
Identifiers: 2755801, APSB15-06, CERTFR-2015-AVI-166, CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044, openSUSE-SU-2015:0718-1, openSUSE-SU-2015:0725-1, RHSA-2015:0813-01, SUSE-SU-2015:0722-1, SUSE-SU-2015:0723-1, VIGILANCE-VUL-16606, ZDI-15-133, ZDI-15-134, ZDI-15-293.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0347, ZDI-15-133]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0350]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0352]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0353]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0354]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0355]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0360]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3038]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3041]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3042]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3043]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0356]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0348]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0349, ZDI-15-134]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0351]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0358]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3039, ZDI-15-293]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0346]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0359]

An attacker can read memory addresses, in order to obtain sensitive information. [severity:2/4; CVE-2015-0357]

An attacker can read memory addresses, in order to obtain sensitive information. [severity:2/4; CVE-2015-3040]

An attacker can bypass a feature, in order to obtain sensitive information. [severity:2/4; CVE-2015-3044]

vulnerability note CVE-2015-5364 CVE-2015-5366

Linux kernel: denial of service via UDP

Synthesis of the vulnerability

An attacker can flood a Linux host with UDP packets with wrong checksums, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Android OS, Linux, openSUSE, Palo Alto Firewall PA***, PAN-OS, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 01/07/2015.
Identifiers: CERTFR-2015-AVI-311, CERTFR-2015-AVI-318, CERTFR-2015-AVI-331, CERTFR-2015-AVI-352, CERTFR-2015-AVI-357, CERTFR-2015-AVI-391, CVE-2015-5364, CVE-2015-5366, DSA-3313-1, DSA-3329-1, openSUSE-SU-2015:1382-1, openSUSE-SU-2016:0301-1, PAN-SA-2016-0025, RHSA-2015:1623-01, RHSA-2015:1778-01, RHSA-2015:1787-01, RHSA-2015:1788-01, RHSA-2016:0045-01, RHSA-2016:1096-01, RHSA-2016:1100-01, RHSA-2016:1225-01, SOL17307, SOL17309, SUSE-SU-2015:1224-1, SUSE-SU-2015:1324-1, SUSE-SU-2015:1478-1, SUSE-SU-2015:1592-1, SUSE-SU-2015:1611-1, USN-2678-1, USN-2680-1, USN-2681-1, USN-2682-1, USN-2683-1, USN-2684-1, USN-2685-1, USN-2713-1, USN-2714-1, VIGILANCE-VUL-17284.

Description of the vulnerability

UDP packets carry a checksum to check whether the packet has been corrupted in transit.

However, the check occurs quite late in packet processing. So, when the incoming packet rate is high, the kernel spends too much time handling the packet queue and other internal data structures, which prevents user processes from being resumed.

An attacker can therefore flood a Linux host with UDP packets with wrong checksums, in order to trigger a denial of service.

computer vulnerability alert CVE-2015-5352

OpenSSH: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSH.
Impacted products: BIG-IP Hardware, TMOS, Fedora, AIX, Copssh, OpenSSH, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 01/07/2015.
Identifiers: CERTFR-2015-AVI-282, CVE-2015-5352, FEDORA-2015-11063, FEDORA-2015-11067, RHSA-2016:0741-01, SOL17461, SUSE-SU-2015:1581-1, USN-2710-1, USN-2710-2, VIGILANCE-VUL-17276.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSH.

An attacker can take advantage of a missing timer in the client program "ssh" to access the X server without being authorized. [severity:2/4; CVE-2015-5352]

An attacker can guess the password that protects the private keys loaded by ssh-agent by measuring the response time. [severity:1/4]

vulnerability note CVE-2015-4692

Linux kernel: NULL pointer dereference via kvm_apic_has_events

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in "kvm_apic_has_events()" of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 29/06/2015.
Identifiers: CERTFR-2015-AVI-269, CERTFR-2015-AVI-318, CERTFR-2015-AVI-331, CERTFR-2015-AVI-357, CVE-2015-4692, DSA-3329-1, FEDORA-2015-10677, FEDORA-2015-10678, openSUSE-SU-2015:1382-1, openSUSE-SU-2016:0301-1, SUSE-SU-2015:1324-1, USN-2678-1, USN-2680-1, USN-2681-1, USN-2682-1, USN-2683-1, USN-2684-1, USN-2685-1, VIGILANCE-VUL-17254.

Description of the vulnerability

The Linux kernel product offers a virtualization layer: KVM.

A KVM virtual machine may have an interrupt controller, whose emulation is partially implemented in the source file "arch/x86/kvm/lapic.h". However, the function "kvm_apic_has_events", defined in this file, does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced in "kvm_apic_has_events()" of the Linux kernel, in order to trigger a denial of service.